How we look after and safeguard information about you
- Important notice
This Privacy Policy describes how we obtain and use your personal data, why we are allowed to do so by the law, who has access to your personal data and what your rights are. Please review it carefully.
In the event that the Site contains a separate Privacy Statement linked to via the Site homepage, in the case of conflict between that Privacy Statement and this Privacy Policy, the Privacy Statement shall prevail over this Privacy Policy.
We take your privacy seriously and use your personal data as further explained in this Privacy Policy. We are the “controller” of the personal data you provide to us.
You have the right to object to us processing your personal data for our legitimate business interests or for direct marketing purposes (including any related profiling). For more information about your rights and how you can exercise them, please see the section Your rights.
- Personal Data we may collect and why
Personal data is any information which identifies you personally whether directly (for example, your name) or indirectly (for example, information about your use of our products and services).
We may collect and record the following information about you:
As part of providing a professional, safe and efficient service, there is certain information that we record. This includes details about your ocular health, your general health, advice given and referrals made to other health professionals. This information won’t be shared with anyone else except under the circumstances described below in ‘Sharing Information’.
- Information relevant to your continued care: we may record information relevant to your continued care from other people that care for you and know you well. This could be other health professionals and relatives
- Contact details: your name, email address, and telephone number so that we can contact you in response to an enquiry you make via our Site or in relation to the products and services that we have from time to time agreed to provide to you;
- Correspondence: we collect any additional personal data you may provide to us from time to time if you contact us by email, letter or telephone, through our Site, by submitting a comment on our Site, or by any other means;
- Frame and contact lens: details of your spectacles, frames and contact lens prescription that are supplied to you
- Medical details: notes and information about your health and medical treatment. This may also include a record of any medicines that have been prescribed by your doctor or a hospital
- Survey responses: information from surveys that we use for research purposes, if you choose to respond to them;
- Transaction details: we or our third party providers will collect information relating to transactions you carry out through our Site and for the purposes of fulfilling your orders;
- Details of visits to the Sites: details of your visits to our Site, including, but not limited to, traffic data, location data, weblogs and other communication data, whether this is required for our own billing purposes or otherwise and the resources that you access.
Sharing Information
The information held about you will not be shared for any reason, unless:
You ask us to do so;
We ask and you give us specific permission;
We are permitted by law, for example where public interest overrides the need to keep the information confidential.
The types of people we may ask you for permission to share information with include your doctors (GP and hospital) and other health professionals.
Anyone who receives information from us also has a legal duty to keep this information confidential, subject to recognised exceptions of the types listed above.
Important Notice
Following an eye examination (or on completion of a contact lens fitting) patients will be given a copy of their prescription (specification). Copies of both the above documents can be issued for a small charge but for the safeguard of our patients the following should be noted:
- The document will need to be signed by the prescribing optician. He or she may be available on the same day, but the signature may be delayed until the optician is next in the practice.
- Details will not be given out over the telephone; this is for both security and the elimination of transcription errors.
- Under no circumstances will patient details be given out to a 3rd party unless under strict written authorization of the patient concerned.
Your Rights
You have the right to confidentiality under the GDPR, the Human Rights Act 1998 and the common law duty of confidence (the Disability Discrimination and the Race Relations Acts may also apply). We also comply with the NHS Code of Practice on Confidentiality and optical practices have a requirement under their professional Code of Ethics to keep records about you confidential, secure and accurate.
All of our staff contracts of employment contain a requirement to keep patient information confidential.
Our guiding principle is that we hold your records in strict confidence.
Your right to view your health record
You have the right to ask for a copy of all our records about you.
You will need to give adequate information in order for optical staff to identify you (for example, full name, address and date of birth).
If you think any information we hold on you is inaccurate or incorrect, please let us know.
Our general data protection policy is set out below:
All personal data will be relevant and lawfully collected
Data shall only be held and used for lawful purposes
Data held on a specific patient will not be disclosed unless under written permission from the said patient
Every effort will be made to ensure data is accurate and up to date
An individual shall be entitled, at reasonable intervals and without undue delay or expense:
- to be informed by any Data User whether he holds personal data of which that individual is the subject;
- to have access to any such data held by a Data User; and where appropriate, to have such data corrected or erased.
REQUEST FOR ACCESS TO DATA
Where we have already provided the information and you require a duplicate (such as a duplicate copy of your prescription) a fee of £20 is payable in advance.
A request for access to personal data must be made in writing subject to any applicable exemption. A copy of information held both on manual record and computer will be provided; we do not charge for this unless it is a duplicate of information already provided. We are required to respond to your request within 21 days.
- Cookies
What are Cookies?
We collect information about your use of our Site through cookies. Cookies are information files stored on your computer, tablet or smartphone that help websites remember who you are and information about your visit. Cookies can help to display the information on our Site in a way that matches your interests. Most major websites use cookies.
- What cookies are used on this Site?
The cookies we and our business partners use on our Site are broadly grouped into the following categories:
- Essential – Some of the cookies on our Site are essential for us to be able to provide you with a service you have requested. An example of this could be a cookie used to enable you to log into your account on our Site or which allows communication between your browser and our Site. Our cookie preference cookie described in the section “How can I reject or opt out of receiving cookies?” is also an essential cookie. You may not be able to use our Site without these cookies.
- Analytics – We use analytics cookies to help us understand how users engage with our Site. An example is counting the number of different people coming to our Site or using a particular feature, rather than the total number of times the site or feature is used. Without this cookie, if you visited our Site once each week for three weeks we would count you as three separate users. We would find it difficult to analyse how well our Site was performing and improve it without these cookies.
- User Cookies – We use cookies to improve your experience by remembering your preferences so we know how you like to use our Site. Examples of this would be remembering you so that you are served with the same content or to remember you when you come back to our Site.
- Social Sharing – We use third party cookies to allow you to share content directly on the social networking/sharing sites like Facebook, Twitter or Google+. Examples would be if you wanted to “like” or “tweet” about us or our products or services. Please see our “Third Party Cookies” section below for more details.
- Interest-Based Advertising – You will have noticed that when you visit websites you will be shown adverts for products and services you may wish to buy. The money made by website owners for showing third party adverts on their websites often pays for the cost of running the website and therefore usually allows you to use the website without having to pay a registration or usage fee. To try and ensure that the adverts you see are relevant to you third party cookies may be used to collect information about the types of things that interest you, for example websites you visit and the geography that you are based in. Having these cookies does not increase the number of adverts you will be shown, but simply makes the adverts you see more relevant. Please see our “Third Party Cookies” section below for more details.
- How can I reject or opt out of receiving cookies?
You may refuse to accept cookies by activating the setting on your browser which allows you to refuse the setting of cookies. However, if you select this setting, you may be unable to access certain parts of our Site. Unless you have adjusted your browser setting so that it will refuse cookies, our system will issue cookies when you use our Site. The “Help” menu of the toolbar on most browsers will tell you how to prevent your browser from accepting new cookies, how to have the browser notify you when you receive a new cookie, or how to disable cookies altogether. For more information about cookies and how to stop cookies being installed or how to delete existing cookies from your hard drive visit the following website: http://www.allaboutcookies.org.
- Third party cookies
Some of the cookies described in the “What Cookies are used on our Site” section above are stored on your machine by third parties when you use our Site. Third parties may also read cookies on your browser to collect information or to serve content or advertisements to you. We have no control over these cookies or how the third parties use them. They are used to allow that third party to provide a service to us, for example analytics. For more information on these cookies and how to disable them, please see:
- Internet Advertising Bureau website at http://www.youronlinechoices.com/ where you will be able to opt-out of receiving Interest-Based Advertising cookies from some of the third parties listed below; and/or
- If you want to know more about how cookies work and how to manage or delete them, visit the World Wide Web Consortium’s website.
- How we use your personal data
We use your personal data for the following purposes:
To provide you with the products and services you have requested
We use your personal data to accept you as a new or returning customer to provide you with the products and services you have requested in accordance with the Trading Terms or Terms of Trading.
To send you service communications, including in relation to changes to our Trading Terms or Terms of Trading
We use the contact details you have provided to us so that we can communicate with you about the products and services that we provide, including to let you know about major changes to those products and services or to the Trading Terms or Terms of Trading between us or to any related information.
Direct marketing (including by third parties)
If you have provided your consent or we otherwise have the right to do so, we may use your contact details to send you direct marketing and keep you informed of promotional offers by email, SMS, post or telephone relating to our products and services.
You can unsubscribe from our direct marketing at any time by clicking the “Unsubscribe” link in any of our emails or by contacting us.
Our trusted business partners would also like to use your name, email address, postal address and telephone number to inform you of similar products, services and promotional offers. We will only share your personal data with our partners where you have provided us with your consent to do so. You can unsubscribe at any time by clicking the “Unsubscribe” link in any of their emails or by contacting us.
To track your usage of our website, communications, products and services
We use cookies and similar technologies to track your activity on our Site so that we can provide important features and functionality on our Site, monitor its usage, and provide you with a more personalised experience.
To provide and improve customer support
We use your personal data to be able to provide and improve the customer support we provide to you (for example, where you have questions about our products and services).
To maintain our records and improve data accuracy
Like any business, we process personal data in the course of maintaining and administering our internal records. This includes processing your personal data to ensure that the information we hold about you is kept up to date and accurate.
To respond to enquiries, complaints and disputes
We use the personal data we hold about you to help us respond to any enquiries or complaints you have made, or deal with any dispute which may arise in the course of us providing our products and services to you, in the most effective manner.
To investigate, detect and prevent fraud and comply with our legal obligations
In certain circumstances, we use your personal data only to the extent required in order to enable us to comply with our legal obligations, including for fraud detection, investigation and prevention purposes. This may require us to provide your personal data to law enforcement agencies if they request it.
- Legal grounds for processing
Data protection law requires us to only process your personal data if we satisfy one or more legal grounds. These are set out in data protection law and we rely on a number of different grounds for the processing we carry out. These are as follows:
Consent
In certain circumstances, we process your personal data after obtaining your consent to do so for the purposes of:
- sending you marketing communications about our products and services;
- sharing your name, email address, postal address and telephone number with our trusted business partners so that they may market to you about their own similar products and services;
- conducting marketing research;
- obtaining your credit score so that we can establish the best possible payment terms we are able to offer to you.
Necessary for the performance of a contract and to comply with our legal obligations
It is necessary for us to process your basic contact details, payment details and information about the business you represent for the performance of the Trading Terms or Terms of Trading between us. In particular, we rely on this legal ground to:
- provide you with the products and services;
- communicate with you about the products and services that we provide to you, including to let you know about major changes to those products and services or to the Trading Terms or Terms of Trading between us or to any related information;
- provide and improve customer support; and
- notify you about changes to our service
If you choose not to give some or all of the aforementioned information to us, this may affect our ability to provide our products and services to you.
In certain circumstances, we also use your personal data only to the extent required in order to enable us to comply with our legal obligations, including to detect, investigate and prevent fraud.
Necessary for the purposes of our legitimate business interests or those of a third party
It is sometimes necessary to collect and use your personal data for the purposes of our legitimate interests as a business, which are to:
- provide you with products and services that are as useful and beneficial as possible, including by personalising our contact with you and making sure we tell you about all the offers that are relevant to you;
- better understand our customer base so that we can improve our products and services and marketing activities (which could also benefit you);
- comply with our contractual obligations to third parties;
- develop and improve our Site to enhance the customer experience;
- train our staff so that we can provide you with a better customer service;
- respond to any enquiries or complaints you have made, or deal with any dispute which may arise in the course of us providing our products and services to you;
- ensure that content from our Site is presented in the most effective manner for you and for your computer; and
- ensure effective operational management and internal administration of our business, document retention, compliance with regulatory guidance and exercise or defence of legal claims.
Where we think there is a risk that one of your interests or fundamental rights and freedoms may be affected we will not process your personal data unless there is another legal ground for us to do so (either that we have obtained your consent to the processing or it is necessary for us to perform our contract with you or to comply with our legal obligations).
- Who we share your personal data with
We may provide your personal data to our suppliers and service providers, including other companies in our group, who provide certain business services for us and act as “processors” of your personal data on our behalf. In addition, we may disclose your personal data if we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to protect the rights, property, or safety, of our business, our customers or others. This includes, in specific cases, exchanging information with other organisations for the purposes of fraud protection.
In some cases, the personal data we collect from you may, for the purposes set out above, be transferred outside the European Economic Area (EEA) and such destinations may not have laws which protect your personal data to the same extent as in the EEA. We are required by data protection law to ensure that where we or our “processors” transfer your personal data outside of the EEA, it is treated securely and is protected against unauthorised access, loss or destruction, unlawful processing and any processing which is inconsistent with the purposes set out in this Privacy Policy.
- How long we keep your personal data for
We retain your personal data for no longer than is necessary for the purpose(s) for which it was provided. What this means in practice will vary between different types of data. When determining the relevant retention periods, we take into account factors including:
- legal obligation(s) under applicable law to retain data for a certain period of time;
- statute of limitations under applicable law;
- potential or actual disputes; and
- guidelines issued by relevant data protection authorities.
Otherwise, we securely erase your personal data from our systems when it is no longer needed.
- Your rights
You have the following rights regarding your personal data:
Rights | What does this mean? |
1. Right to be informed | You have the right to be provided with clear, transparent and easily understandable information about how we use your personal data and your rights. This is why we are providing you with the information in this Privacy Policy. |
2. Right of access | You have the right to obtain access to your personal data (if we are processing it) and certain other information (similar to that provided in this Privacy Policy). This is so you are aware and can check that we are using your personal data in accordance with data protection law. |
3. Right to rectification | You are entitled to have your personal data corrected if it is inaccurate or incomplete. |
4. Right to erasure | This is also known as ‘the right to be forgotten’ and, in simple terms, enables you to request the deletion or removal of your personal data where there is no compelling reason for us to keep using it. This is not a general right to erasure; there are exceptions. |
5. Right to restrict processing | You have the right to ‘block’ or suppress further use of your personal data in certain circumstances. When processing is restricted, we can still store your personal data, but may not use it further. |
6. Right of data portability | You have the right to obtain and reuse your personal data in a structured, commonly used and machine-readable format in certain circumstances. In addition, where certain conditions apply, you have the right to have such information transferred directly to a third party. |
7. Right to object to processing | You have the right to object to us processing your personal data for our legitimate business interests or for direct marketing purposes (including in each case any related profiling). |
8. Right to withdraw consent to processing | If you have given your consent to us to process your personal data for a particular purpose (for example, direct marketing), you have the right to withdraw your consent at any time (although if you do so, it does not mean that any processing of your personal data up to that point is unlawful). |
9. Right to make a complaint to the data protection authorities | You have the right to make a complaint to the Information Commissioner’s Office (ICO) if you are unhappy with how we have handled your personal data or believe our processing of your personal data does not comply with data protection law. |
- How to contact us
If you would like to exercise your data protection rights or if you are unhappy with how we have handled your personal data, please feel free to contact us by using the details set out on our Site.
If you’re not satisfied with our response to any enquiry or complaint or believe our processing of your personal data does not comply with data protection law, you can make a complaint to the Information Commissioner’s Office (ICO) by:
- writing to: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF;
- calling: 0303 123 1113; or
- submitting a message through the ICO’s website at: ico.org.uk
- Links to other websites
Our website may contain hyperlinks to websites owned and operated by third parties. This Privacy Policy does not apply to those other websites. We encourage you to read the privacy statements on the other websites you visit, as they will govern the use of any personal data you provide when visiting those websites. We do not accept any responsibility or liability for the privacy practices of such third party websites and your use of such websites is at your own risk.
- Changes to this Privacy Policy
This Privacy Policy was last updated on 1 May 2018.
This Privacy Policy may be updated from time to time, so you may want to check it each time you provide personal data to us.
Complaints Policy
We welcome comments, suggestions and complaints so that we can continually improve our service to you. Please contact Neha Patel in person or by phone, letter or email if you have a comment, suggestion or complaint.
We take complaints very seriously and have an effective procedure to resolve any problems in the shortest possible time. You can read more about our procedure in our complaints policy. We always want to have satisfied clients.
If you need to contact us please do so either by email or in writing.
Data Controller – Neha Patel
Fiona Watt Optometrists
265 Coombe Lane,
West Wimbledon,
London,
SW20 0RH
020 8944 6886
info@fionawattoptometrists.co.uk